*Highlights:*
*Systems Affected:* Microsoft Windows NT, 2000, XP, Vista, and 7
*Impact:* Regin is a remote access Trojan (RAT), able to take control of
input devices, capture credentials, monitor network traffic, and gather
information on processes and memory utilization. The complex design
provides flexibility to actors, as they can load custom features tailored
to individual targets.

*Further References:*

https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
https://malwr.com/analysis/OTlmYTk1MzA2NjE5NDIxYTgzMWQxOWNhODFmNmRmNDQ/
http://www.spinics.net/lists/security/msg02793.html

Cheers,
Naik


On Thu, Nov 27, 2014 at 3:32 PM, Srinivas Naik <[email protected]> wrote:

> HI G33Ks,
>
> Source: knowbe4.com
>
> Symantec researchers discovered "the new Stuxnet", but it has been in
> operation since at least 2006. Obviously a highly advanced spying tool,
> better than the best malware out there. If you look at the list of
> countries infected, it is clear that this is built by the USA with perhaps
> some help from others.
>
> The NSA is likely behind this one, and Symantec published a 22-page report
> and blog post on the Regin malware, which it described as a powerful
> cyberespionage platform that can be customized depending on what type of
> data is sought. Here is a link to their PDF:
>
> http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
>
> If Regin does turn out to have been active and hidden for 8 years, the
> discovery means that nation states are still having a 100% success rate in
> avoiding all antivirus products, which is very bad news for companies
> trying to protect their networks and crown jewels.
>
> Symantec has been quietly trying to analyze this critter for the last 12
> months. It has five separate stages, each one depending on the previous
> stage to be decrypted. It also uses peer-to-peer communication, which
> avoids using a centralized command-and-control system to exfiltrate stolen
> data.
>
> It's also not clear yet how users become infected with Regin. Symantec
> figured out how just one computer became infected so far, which was via
> Yahoo's Messenger program. Possibly the user was a victim of social
> engineering, but it could just as well be a zero-day in Messenger itself
> which infects a PC without any interaction from the user.
>
>
> Thanks,
>
> Naik
>

-- 
You received this message because you are subscribed to the Google Groups 
"NFORCEIT" group.